1. Introduction to Empire
Empire is a post-exploitation framework for Windows that uses PowerShell scripts as its payload, covering everything from stager generation and privilege escalation to persistence. It can run a PowerShell agent without powershell.exe and deploy post-exploitation modules quickly; built-in modules include keylogging, Mimikatz, UAC bypass and internal network scanning, and the author notes it is able to evade network detection and most security products. Put simply, it is somewhat like Metasploit: a PowerShell-based remote-access trojan.
2. Installing Empire
Environment: Kali 2021.2
Empire: Empire 4
2.1 Requirements
Kali Linux Rolling
Ubuntu 20.04
Debian 10
Python 3.8 is the minimum Python version required (3.10 causes problems)
2.2 Installation methods
The GitHub project offers three installation methods:
installation via sudo apt install powershell-empire
installation via ./install.sh
Docker installation
This article first tried the ./install.sh method, but because many packages had already been installed on the Kali box, Python environment problems came up and the installation did not succeed; the problems encountered are listed at the end.
After rolling Python back to 3.9, installation via apt install powershell-empire succeeded.
2.3 Switch the python environment from python2 to python3
rm /usr/bin/python
ln -s /usr/bin/python3 /usr/bin/python
2.4 apt install powershell-empire
With the environment set up, this step ran without problems and is omitted here.
2.5 Download the installation files
sudo git clone https://github.com/BC-SECURITY/Empire.git
2.6 Install with ./install.sh
cd Empire
cd setup
sudo ./install.sh
2.7 Errors encountered and notes
2.7.1 Installation takes a long time and may need several attempts. Back up the cloned directory right after git clone, because downloading from GitHub is slow.
2.7.2 Use Kali's official apt-get sources here, otherwise all kinds of errors may appear.
Official sources:
deb http://http.kali.org/kali kali-rolling main non-free contrib
deb-src http://http.kali.org/kali kali-rolling main non-free contrib
After setting the apt-get sources, run apt-get update.
2.7.3 git clone failed with an error; retrying worked, so it was a network issue.
└─# git clone https://github.com/BC-SECURITY/Empire.git
Cloning into 'Empire'...
remote: Enumerating objects: 23962, done.
remote: Counting objects: 100% (39/39), done.
remote: Compressing objects: 100% (28/28), done.
Receiving objects: 2% (480/23962), 140.00 KiB | 258.00 KiB/s
error: RPC failed; curl 56 GnuTLS recv error (-54): Error in the pull function.
error: 3120 bytes of body are still expected
fetch-pack: unexpected disconnect while reading sideband packet
fatal: early EOF
fatal: index-pack failed
Run it again:
git clone https://github.com/BC-SECURITY/Empire.git
2.7.4 GnuTLS recv error (-110): The TLS connection was non-properly terminated. Still a network issue; simply rerun the installation.
fatal: unable to access 'GitHub - BC-SECURITY/bomutils: Open source tools to create bill-of-materials files used in Mac OS X installers': GnuTLS recv error (-110): The TLS connection was non-properly terminated.
2.7.5 The cause of the following error is unclear (the messages come from Nim's package manager, nimble, failing to find the winim package); reinstall without choosing to install Nim and MinGW.
Prompt: No local packages.json found, download it from internet? -> [forced yes]
Downloading Official package list
Success Package list downloaded.
Prompt: winim not found in any local packages.json, check internet for updated packages? -> [forced yes]
Downloading Official package list
Success Package list downloaded.
Tip: 10 messages have been suppressed, use --verbose to show them.
Error: Package not found.
2.7.6 Installation fails with Python 3.10 and pip 3.10; downgrading to 3.9 lets it complete. The traceback below ends in an ImportError because Python 3.10 removed the collections ABCs such as Mapping from the collections module (they now live only in collections.abc), while the urllib3 version pulled in by poetry still imports from the old location.
Traceback (most recent call last):
File "/usr/local/bin/poetry", line 5, in <module>
from poetry.console import main
File "/usr/local/lib/python3.10/dist-packages/poetry/console/__init__.py", line 1, in <module>
from .application import Application
File "/usr/local/lib/python3.10/dist-packages/poetry/console/application.py", line 7, in <module>
from .commands.about import AboutCommand
File "/usr/local/lib/python3.10/dist-packages/poetry/console/commands/__init__.py", line 4, in <module>
from .check import CheckCommand
File "/usr/local/lib/python3.10/dist-packages/poetry/console/commands/check.py", line 2, in <module>
from poetry.factory import Factory
File "/usr/local/lib/python3.10/dist-packages/poetry/factory.py", line 16, in <module>
from .packages.locker import Locker
File "/usr/local/lib/python3.10/dist-packages/poetry/packages/__init__.py", line 2, in <module>
from .locker import Locker
File "/usr/local/lib/python3.10/dist-packages/poetry/packages/locker.py", line 38, in <module>
from poetry.utils.extras import get_extra_package_names
File "/usr/local/lib/python3.10/dist-packages/poetry/utils/extras.py", line 7, in <module>
from poetry.utils.helpers import canonicalize_name
File "/usr/local/lib/python3.10/dist-packages/poetry/utils/helpers.py", line 11, in <module>
import requests
File "/usr/local/lib/python3.10/dist-packages/requests/__init__.py", line 43, in <module>
import urllib3
File "/usr/local/lib/python3.10/dist-packages/urllib3/__init__.py", line 8, in <module>
from .connectionpool import (
File "/usr/local/lib/python3.10/dist-packages/urllib3/connectionpool.py", line 29, in <module>
from .connection import (
File "/usr/local/lib/python3.10/dist-packages/urllib3/connection.py", line 39, in <module>
from .util.ssl_ import (
File "/usr/local/lib/python3.10/dist-packages/urllib3/util/__init__.py", line 3, in <module>
from .connection import is_connection_dropped
File "/usr/local/lib/python3.10/dist-packages/urllib3/util/connection.py", line 3, in <module>
from .wait import wait_for_read
File "/usr/local/lib/python3.10/dist-packages/urllib3/util/wait.py", line 1, in <module>
from .selectors import (
File "/usr/local/lib/python3.10/dist-packages/urllib3/util/selectors.py", line 14, in <module>
from collections import namedtuple, Mapping
ImportError: cannot import name 'Mapping' from 'collections' (/usr/lib/python3.10/collections/__init__.py)
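A small pre-flight script covering the steps in 2.3 to 2.6 and the failure modes in 2.7.3, 2.7.4 and 2.7.6, added here as an example (it is not part of Empire or its install.sh): it refuses to continue on a Python version outside 3.8 to 3.9, checks that the plain python name resolves to python3, and retries the git clone on transient network errors. The function names, the --run flag and the RETRY_PAUSE variable are my own assumptions.

```shell
#!/bin/sh
# Added pre-flight helper for the install steps above; not part of Empire or
# its install.sh. Assumes a Debian/Kali host with python3 and git on PATH.
set -u
PY_MIN=3.8        # minimum version Empire 4 supports
PY_MAX_EXCL=3.10  # the poetry/urllib3 import chain breaks from 3.10 on
RETRY_PAUSE=${RETRY_PAUSE:-5}   # base pause in seconds between retries
# python_version_ok X.Y[.Z]: 0 when X.Y is in [PY_MIN, PY_MAX_EXCL).
# Compares the components numerically, so 3.10 counts as newer than 3.9.
python_version_ok() {
    maj=${1%%.*}
    rest=${1#*.}
    min=${rest%%.*}
    case "$maj" in ''|*[!0-9]*) return 1 ;; esac
    case "$min" in ''|*[!0-9]*) return 1 ;; esac
    # both bounds are 3.x, so only the minor number needs comparing
    if [ "$maj" -eq 3 ] && [ "$min" -ge "${PY_MIN#*.}" ] && [ "$min" -lt "${PY_MAX_EXCL#*.}" ]; then
        return 0
    fi
    return 1
}
# retry N cmd...: rerun cmd up to N times with a growing pause, for the
# transient "RPC failed" / "GnuTLS recv error" git failures in 2.7.3 and 2.7.4.
retry() {
    max=$1; shift
    n=1
    while :; do
        if "$@"; then return 0; fi
        if [ "$n" -ge "$max" ]; then return 1; fi
        echo "attempt $n/$max failed: $*; retrying" >&2
        sleep $((n * RETRY_PAUSE))
        n=$((n + 1))
    done
}
main() {
    ver=$(python3 -c 'import sys; print("%d.%d.%d" % sys.version_info[:3])')
    if ! python_version_ok "$ver"; then
        echo "python3 is $ver; Empire 4 needs >= $PY_MIN and < $PY_MAX_EXCL" >&2
        return 1
    fi
    # section 2.3: the plain python name must resolve to python3 for install.sh
    if [ "$(readlink -f "$(command -v python)")" != "$(readlink -f "$(command -v python3)")" ]; then
        echo "python does not resolve to python3 (see section 2.3)" >&2
        return 1
    fi
    retry 5 git clone https://github.com/BC-SECURITY/Empire.git
}
# Loading the file only defines the helpers; pass --run to perform the checks.
if [ "${1:-}" = "--run" ]; then main; fi
```

Run it as sh preflight.sh --run from the directory where Empire should be cloned; the version check can also be reused on its own, for example python_version_ok "$(python3 -c 'import platform; print(platform.python_version())')".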